package com.fingard.dsp.bank.directbank.icbc11.util;

import java.io.FileInputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

/**
 * 工行银保通签名验签工具类
 * 
 * @author Cruise
 * @date 2018年8月25日
 */
public class ICBC11SignUtil {
	/**
	 * 从本地文件读取公钥证书对象
	 * 
	 * @param fin 本地公钥证书文件流
	 * @return 公钥对象
	 * @throws Exception
	 */
	private static PublicKey GeneratePublicKey(FileInputStream fin) throws Exception {
		try {
			byte[] encodedpubkey = new byte[fin.available()];
			fin.read(encodedpubkey);
			fin.close();
			X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(encodedpubkey);
			KeyFactory keyFactory = KeyFactory.getInstance("RSA");
			return keyFactory.generatePublic(pubKeySpec);
		} catch (Exception e) {
			throw e;
		}
	}

	/**
	 * 从本地文件读取私钥证书对象
	 * 
	 * @param fin 本地私钥证书文件流
	 * @return 私钥对象
	 * @throws Exception
	 */
	private static PrivateKey GeneratePrivateKey(FileInputStream fin) throws Exception {
		try {
			byte[] encodedprikey = new byte[fin.available()];
			fin.read(encodedprikey);
			fin.close();
			PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(encodedprikey);
			KeyFactory keyFactory = KeyFactory.getInstance("RSA");
			return keyFactory.generatePrivate(priKeySpec);
		} catch (Exception e) {
			throw e;
		}
	}
	
	/**
	 * 128字节数组转16进制表示的256字节数组字符串
	 * 
	 * @param bytes 128位字节数组
	 * @return 16进制表示的256字节数组字符串
	 */
	public static String getFormattedText(byte[] bytes) {
		char[] HEX_DIGITS = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
		
		int len = bytes.length;
		StringBuilder buf = new StringBuilder(len * 2);
		// 把密文转换成十六进制的字符串形式
		for (int j = 0; j < len; j++) {
			buf.append(HEX_DIGITS[(bytes[j] >> 4) & 0x0f]);
			buf.append(HEX_DIGITS[bytes[j] & 0x0f]);
		}
		
		return buf.toString();
	}
	
	/**
	 * RSA签名(SHA1WithRSA)
	 * 
	 * @param ownKeyStorePath JKS证书路径
	 * @param signData 签名原始数据
	 * @param charset 字符集
	 * @return 签名结果
	 * @throws Exception
	 */
	public static String signWithRSA(String ownKeyStorePath, String signData, String charset) throws Exception {
		FileInputStream privatekeyfile = new FileInputStream(ownKeyStorePath);
		RSAPrivateKey privateKey = (RSAPrivateKey) GeneratePrivateKey(privatekeyfile);
		Signature mySig = Signature.getInstance("SHA1WithRSA");
		mySig.initSign(privateKey);
		mySig.update(signData.getBytes(charset));
		byte[] sigResult = mySig.sign();
		
		return getFormattedText(sigResult);
	}
	
	/**
	 * RSA验签(SHA1WithRSA)
	 * 
	 * @param oppCertFilePath 公钥证书路径
	 * @param verifyData 验签原始数据
	 * @param sigResult 验签原始数据签名结果
	 * @param charset 字符集
	 * @return 验签结果
	 * @throws Exception
	 */
	public static boolean verifySignWithRSA(String oppCertFilePath, String verifyData, String sigResult, String charset) throws Exception {
		FileInputStream publickeyfile = new FileInputStream(oppCertFilePath);
		RSAPublicKey publicKey = (RSAPublicKey) GeneratePublicKey(publickeyfile);
		Signature mySigVerfy = Signature.getInstance("SHA1WithRSA");
		mySigVerfy.initVerify(publicKey);
		mySigVerfy.update(verifyData.getBytes(charset));
		
		return mySigVerfy.verify(sigResult.getBytes(charset));
	}
}
